Discovery & Counter-Infiltration (D&CI) Technical Lead - Military veterans preferred

Full-time employee

United States


Job Description:


  • SAIC is seeking a Sr. Cyber Security Analyst who will be a member of the team providing technical engineering and services solutions to a DoD Cyber Security Service Provider (CSSP) in support of mission-critical DoD systems in Stafford, VA.

Job Responsibilities:


  • Responsible for daily execution of communication plan with the government to synchronize the efforts of the Incident Management, Hunt, and Cyber Threat Analysis Cell (CTAC) divisions to meet contract deliverables.
  • Lead efforts in collecting and analyzing network and computing events presented via numerous sources in order to identify and document malicious or unauthorized activity on the Enterprise Network.
  • Conduct initial, formal incident reporting and documenting technical details in a Database.
  • Use appropriate skills and techniques in scoping, containing and eradicating incidents.
  • Responsible for supporting the transition of network defense configurations as informed by resolved incidents in order to prevent future occurrences.

Hunt team support:

  • Maintain the body of documentation that describes the tactics, techniques and procedures that comprise the Hunt team.
  • Assess and identify Advanced Persistent Threat (APT) activities within an Operating System.
  • Develop and document tactics, techniques, and procedures (TTPs) for resource planning, operations, and analysis.
  • Research, identify, and verify new APT TTPs to strengthen the overall security posture of the Enterprise Network.
  • Coordinate with intelligence analysts and external threat intelligence reporting sources to support maintenance of current APT TTPs.
  • Directly manage Hunt operations from inception to final after action reporting by leading the technical efforts of the Hunt Team.

CND support:

  • Maintain the body of documentation that describes DCOS CND Incident Response tactics, techniques and procedures, including an emphasis on Malware and Forensic Analysis.
  • Perform initial, forensically sound collection of system images and inspect same to discern possible mitigation and remediation of network incidents on the Enterprise Network.
  • Perform remote incident handling support such as forensics collections, intrusion correlation tracking, threat analysis and direct system remediation tasks to on-site responders.
  • Provide malware analysis to develop incident timelines to include: the dates and times of significant events, command and control domains, and call back addresses; threat objective; and compromised hosts and data.
  • Support custom signature and correlation rules creation to enhance Enterprise Network protections.
  • Support the creation of a ‘big data’ analysis program through the identification of attributes and indications of targeted activity for profile development within the deployed DCOS sensor grid.
  • Document findings; provide reports which incorporate intelligence information provided by the Intelligence branch, historical attack information, and current and future (projected/possible) threats targeting the Enterprise Network.

Exploit Analysis support:

  • Create and maintain the body of documentation that describes the tactics, techniques and procedures that comprise the Enterprise Network Exploit Analyst team.
  • Prioritize mitigation actions based on assessed risk upon discovery of critical exploits and vulnerabilities within the lab and production environments.
  • Conduct, analyze and review penetration tests and Joint Red Team assessment results to develop recommendations to protect the Enterprise Network.
  • Analyze and review application, system, and network security postures across the Enterprise Network in both lab and production environments through active scanning, application-layer protocol fingerprinting or traffic analysis.
  • Develop the processes and procedures for replaying network attacks/compromises within a lab environment in order to scope the situation and develop recommended mitigation actions.


Required Education and Experience:


  • Bachelor’s Degree in Computer Science or a related IT field, or four years of experience in lieu of a degree, plus 14+ years of experience.
  • 5+ years of experience managing personnel in an information assurance environment.
  • Experience handling nation state level intrusions.
  • 5+ years of demonstrated experience with CND tools, tactics, and techniques in a computer network defense environment.
  • Must possess a CNDSP Analyst certification (CEH, GCIA, or GCIH).
  • Must possess an IAT Level III certification (CASP CE, CCNP Security, CISA, CISSP, GCED, or GCIH) on day one.

Required Clearance:


  • Active Top Secret/SCI